Skip to content

artif: collect SSH public keys, test secret keys for null passphrases #424

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
halpomeranz wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

artif: collect SSH public keys, test secret keys for null passphrases #424

halpomeranz wants to merge 1 commit into from

Conversation

@halpomeranz
Copy link
Contributor

@halpomeranz halpomeranz commented Jan 13, 2026

Adding two new SSH artifacts to help track attacker lateral movement.

uac-cra/artifacts/files/ssh/public_keys.yaml collects public keys from user .ssh directories so that they can be correlated against authorized_keys entries.

.../check_passphrase.yaml checks secret keys to see which ones have null passphrases, making them more useful to attackers.

artif: collect SSH public keys, test secret keys for null passphrases
f768b14 
Adding two new SSH artifacts to help track attacker lateral movement. uac-cra/artifacts/files/ssh/public_keys.yaml collects public keys from user .ssh directories so that they can be correlated against authorized_keys entries. .../check_passphrase.yaml checks secret keys to see which ones have null passphrases, making them more useful to attackers.

Signed-off-by: Hal Pomeranz <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@halpomeranz